* [PATCH nft] datatype: Replace getnameinfo() by internal lookup table
@ 2016-11-23 22:53 Elise Lennion
2016-11-24 9:31 ` Pablo Neira Ayuso
From: Elise Lennion @ 2016-11-23 22:53 UTC (permalink / raw)
To: pablo; +Cc: netfilter-devel
To avoid exceeding the inputs number limit of the flex scanner used.
Using port number as index, to map service names in the table, results
in a very sparse table, so a new struct is needed to associate ports
with names.
Signed-off-by: Elise Lennion <elise.lennion@gmail.com>
---
The services listed are all the well-known and registered ports from my local
/etc/services file.
include/datatype.h | 11 ++++
src/datatype.c | 159 ++++++++++++++++++++++++++++++++++++++++++++++++++---
2 files changed, 162 insertions(+), 8 deletions(-)
diff --git a/include/datatype.h b/include/datatype.h
index 9f3f711..9c34c50 100644
--- a/include/datatype.h
+++ b/include/datatype.h
@@ -172,6 +172,17 @@ struct symbolic_constant {
uint64_t value;
};
+/**
+ * struct port_servname - port <-> service name mapping
+ *
+ * @port: port number
+ * @name: service name
+ */
+struct port_servname {
+ uint16_t port;
+ char *name;
+};
+
#define SYMBOL(id, v) { .identifier = (id), .value = (v) }
#define SYMBOL_LIST_END (struct symbolic_constant) { }
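Review bot: The `name` member of struct port_servname is declared `char *`, but every initializer in the `services[]` table added to src/datatype.c is a string literal. It should be `const char *name;` so the compiler rejects any write through the pointer. The kernel-doc comment could also say that the strings are static and never freed.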
diff --git a/src/datatype.c b/src/datatype.c
index 1e40287..85b261d 100644
--- a/src/datatype.c
+++ b/src/datatype.c
@@ -28,6 +28,156 @@
#include <netinet/ip_icmp.h>
+static const struct port_servname services[] = {
+ {1, "tcpmux"}, {7, "echo"}, {9, "discard"},
+ {11, "systat"}, {13, "daytime"}, {15, "netstat"},
+ {17, "qotd"}, {18, "msp"}, {19, "chargen"},
+ {20, "ftp-data"}, {21, "ftp"}, {22, "ssh"},
+ {23, "telnet"}, {25, "smtp"}, {37, "time"}, {39, "rlp"},
+ {42, "nameserver"}, {43, "whois"}, {49, "tacacs"},
+ {50, "re-mail-ck"}, {53, "domain"}, {57, "mtp"},
+ {65, "tacacs-ds"}, {67, "bootps"}, {68, "bootpc"},
+ {69, "tftp"}, {70, "gopher"}, {77, "rje"}, {79, "finger"},
+ {80, "http"}, {87, "link"}, {88, "kerberos"},
+ {95, "supdup"}, {98, "linuxconf"}, {101, "hostnames"},
+ {102, "iso-tsap"}, {104, "acr-nema"}, {105, "csnet-ns"},
+ {106, "poppassd"}, {107, "rtelnet"}, {109, "pop2"},
+ {110, "pop3"}, {111, "sunrpc"}, {113, "auth"},
+ {115, "sftp"}, {117, "uucp-path"}, {119, "nntp"},
+ {123, "ntp"}, {129, "pwdgen"}, {135, "loc-srv"},
+ {137, "netbios-ns"}, {138, "netbios-dgm"},
+ {139, "netbios-ssn"}, {143, "imap2"}, {161, "snmp"},
+ {162, "snmp-trap"}, {163, "cmip-man"},
+ {164, "cmip-agent"}, {174, "mailq"}, {177, "xdmcp"},
+ {178, "nextstep"}, {179, "bgp"}, {191, "prospero"},
+ {194, "irc"}, {199, "smux"}, {201, "at-rtmp"},
+ {202, "at-nbp"}, {204, "at-echo"}, {206, "at-zis"},
+ {209, "qmtp"}, {210, "z3950"}, {213, "ipx"},
+ {220, "imap3"}, {345, "pawserv"}, {346, "zserv"},
+ {347, "fatserv"}, {369, "rpc2portmap"},
+ {370, "codaauth2"}, {371, "clearcase"},
+ {372, "ulistserv"}, {389, "ldap"}, {406, "imsp"},
+ {427, "svrloc"}, {443, "https"}, {444, "snpp"},
+ {445, "microsoft-ds"}, {464, "kpasswd"}, {465, "urd"},
+ {487, "saft"}, {500, "isakmp"}, {512, "biff"},
+ {512, "exec"}, {513, "login"}, {513, "who"},
+ {514, "shell"}, {514, "syslog"}, {515, "printer"},
+ {517, "talk"}, {518, "ntalk"}, {520, "route"},
+ {525, "timed"}, {526, "tempo"}, {530, "courier"},
+ {531, "conference"}, {532, "netnews"}, {533, "netwall"},
+ {538, "gdomap"}, {540, "uucp"}, {543, "klogin"},
+ {544, "kshell"}, {546, "dhcpv6-client"},
+ {547, "dhcpv6-server"}, {548, "afpovertcp"},
+ {549, "idfp"}, {554, "rtsp"}, {556, "remotefs"},
+ {563, "nntps"}, {587, "submission"}, {607, "nqs"},
+ {610, "npmp-local"}, {611, "npmp-gui"}, {612, "hmmp-ind"},
+ {623, "asf-rmcp"}, {628, "qmqp"}, {631, "ipp"},
+ {636, "ldaps"}, {655, "tinc"}, {706, "silc"},
+ {749, "kerberos-adm"}, {750, "kerberos4"},
+ {751, "kerberos-master"}, {752, "passwd-server"},
+ {754, "krb-prop"}, {760, "krbupdate"}, {765, "webster"},
+ {775, "moira-db"}, {777, "moira-update"},
+ {779, "moira-ureg"}, {783, "spamd"}, {808, "omirr"},
+ {871, "supfilesrv"}, {873, "rsync"}, {901, "swat"},
+ {989, "ftps-data"}, {990, "ftps"}, {992, "telnets"},
+ {993, "imaps"}, {994, "ircs"}, {995, "pop3s"},
+ {1001, "customs"}, {1080, "socks"}, {1093, "proofd"},
+ {1094, "rootd"}, {1099, "rmiregistry"}, {1109, "kpop"},
+ {1127, "supfiledbg"}, {1178, "skkserv"},
+ {1194, "openvpn"}, {1210, "predict"}, {1214, "kazaa"},
+ {1236, "rmtcfg"}, {1241, "nessus"}, {1300, "wipld"},
+ {1313, "xtel"}, {1314, "xtelw"}, {1352, "lotusnote"},
+ {1433, "ms-sql-s"}, {1434, "ms-sql-m"},
+ {1524, "ingreslock"}, {1525, "prospero-np"},
+ {1529, "support"}, {1645, "datametrics"},
+ {1646, "sa-msg-port"}, {1649, "kermit"},
+ {1677, "groupwise"}, {1701, "l2f"}, {1812, "radius"},
+ {1813, "radius-acct"}, {1863, "msnp"},
+ {1957, "unix-status"}, {1958, "log-server"},
+ {1959, "remoteping"}, {2000, "cisco-sccp"},
+ {2003, "cfinger"}, {2010, "pipe-server"},
+ {2010, "search"}, {2049, "nfs"}, {2053, "knetd"},
+ {2086, "gnunet"}, {2101, "rtcm-sc104"},
+ {2102, "zephyr-srv"}, {2103, "zephyr-clt"},
+ {2104, "zephyr-hm"}, {2105, "eklogin"}, {2111, "kx"},
+ {2119, "gsigatekeeper"}, {2121, "frox"}, {2121, "iprop"},
+ {2135, "gris"}, {2150, "ninstall"}, {2401, "cvspserver"},
+ {2430, "venus"}, {2431, "venus-se"}, {2432, "codasrv"},
+ {2433, "codasrv-se"}, {2583, "mon"}, {2600, "zebrasrv"},
+ {2601, "zebra"}, {2602, "ripd"}, {2603, "ripngd"},
+ {2604, "ospfd"}, {2605, "bgpd"}, {2606, "ospf6d"},
+ {2607, "ospfapi"}, {2608, "isisd"}, {2628, "dict"},
+ {2792, "f5-globalsite"}, {2811, "gsiftp"}, {2947, "gpsd"},
+ {2988, "afbackup"}, {2989, "afmbackup"}, {3050, "gds-db"},
+ {3130, "icpv2"}, {3260, "iscsi-target"}, {3306, "mysql"},
+ {3493, "nut"}, {3632, "distcc"}, {3689, "daap"},
+ {3690, "svn"}, {4031, "suucp"}, {4094, "sysrqd"},
+ {4190, "sieve"}, {4224, "xtell"}, {4353, "f5-iquery"},
+ {4369, "epmd"}, {4373, "remctl"}, {4500, "ipsec-nat-t"},
+ {4557, "fax"}, {4559, "hylafax"}, {4569, "iax"},
+ {4600, "distmp3"}, {4691, "mtn"}, {4899, "radmin-port"},
+ {4949, "munin"}, {5002, "rfe"}, {5050, "mmcc"},
+ {5051, "enbd-cstatd"}, {5052, "enbd-sstatd"},
+ {5060, "sip"}, {5061, "sip-tls"}, {5151, "pcrd"},
+ {5190, "aol"}, {5222, "xmpp-client"},
+ {5269, "xmpp-server"}, {5308, "cfengine"}, {5353, "mdns"},
+ {5354, "noclog"}, {5355, "hostmon"}, {5432, "postgresql"},
+ {5555, "rplay"}, {5556, "freeciv"}, {5666, "nrpe"},
+ {5667, "nsca"}, {5671, "amqps"}, {5672, "amqp"},
+ {5674, "mrtd"}, {5675, "bgpsim"}, {5680, "canna"},
+ {5688, "ggz"}, {6000, "x11"}, {6001, "x11-1"},
+ {6002, "x11-2"}, {6003, "x11-3"}, {6004, "x11-4"},
+ {6005, "x11-5"}, {6006, "x11-6"}, {6007, "x11-7"},
+ {6346, "gnutella-svc"}, {6347, "gnutella-rtr"},
+ {6444, "sge-qmaster"}, {6445, "sge-execd"},
+ {6446, "mysql-proxy"}, {6514, "syslog-tls"},
+ {6566, "sane-port"}, {6667, "ircd"},
+ {7000, "afs3-fileserver"}, {7001, "afs3-callback"},
+ {7002, "afs3-prserver"}, {7003, "afs3-vlserver"},
+ {7004, "afs3-kaserver"}, {7005, "afs3-volser"},
+ {7006, "afs3-errors"}, {7007, "afs3-bos"},
+ {7008, "afs3-update"}, {7009, "afs3-rmtsys"},
+ {7100, "font-service"}, {8021, "zope-ftp"},
+ {8080, "http-alt"}, {8081, "tproxy"}, {8088, "omniorb"},
+ {8990, "clc-build-daemon"}, {9098, "xinetd"},
+ {9101, "bacula-dir"}, {9102, "bacula-fd"},
+ {9103, "bacula-sd"}, {9359, "mandelspawn"}, {9418, "git"},
+ {9667, "xmms2"}, {9673, "zope"}, {10000, "webmin"},
+ {10050, "zabbix-agent"}, {10051, "zabbix-trapper"},
+ {10080, "amanda"}, {10081, "kamanda"},
+ {10082, "amandaidx"}, {10083, "amidxtape"},
+ {10809, "nbd"}, {11112, "dicom"}, {11201, "smsqp"},
+ {11371, "hkp"}, {13720, "bprd"}, {13721, "bpdbm"},
+ {13722, "bpjava-msvc"}, {13724, "vnetd"}, {13782, "bpcd"},
+ {13783, "vopied"}, {15345, "xpilot"}, {17001, "sgi-cmsd"},
+ {17002, "sgi-crsd"}, {17003, "sgi-gcd"},
+ {17004, "sgi-cad"}, {17500, "db-lsp"}, {20011, "isdnlog"},
+ {20012, "vboxd"}, {22125, "dcap"}, {22128, "gsidcap"},
+ {22273, "wnn6"}, {24554, "binkp"}, {27374, "asp"},
+ {30865, "csync2"}
+};
+
+static void service_lookup(const uint16_t port, char *buf)
+{
+ uint16_t s = 0;
+ uint16_t m;
+ uint16_t e = sizeof(services) / sizeof(struct port_servname) - 1;
+
+ while (s < e) {
+ m = s + (e - s)/2;
+
+ if (services[m].port < port)
+ s = m + 1;
+ else
+ e = m;
+ }
+
+ if (services[s].port == port)
+ strcpy(buf, services[s].name);
+ else
+ sprintf(buf, "%hu", port);
+}
+
static const struct datatype *datatypes[TYPE_MAX + 1] = {
[TYPE_INVALID] = &invalid_type,
[TYPE_VERDICT] = &verdict_type,
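Review bot: service_lookup() writes into `buf` with `strcpy()` and `sprintf()` without knowing the buffer's size, so its safety depends on every caller passing a buffer longer than the longest table entry. The one caller visible here passes `char buf[NI_MAXSERV]`, which holds today's names, but nothing enforces that as the table grows. The function should take the length, `static void service_lookup(uint16_t port, char *buf, size_t len)`, and use `snprintf(buf, len, "%s", services[s].name);` and `snprintf(buf, len, "%hu", port);`. Separately, ports 512, 513, 514, 2010 and 2121 appear twice in the table and the search settles on the first entry for a port, so the second name of each pair ("exec", "who", "syslog", "search", "iprop") is never printed. The name shown in a listed rule therefore does not depend on the transport protocol, which deserves a comment above the table or removal of the unreachable entries.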
@@ -561,16 +711,9 @@ static void inet_service_type_print(const struct expr *expr)
{
struct sockaddr_in sin = { .sin_family = AF_INET };
char buf[NI_MAXSERV];
- int err;
sin.sin_port = mpz_get_be16(expr->value);
- err = getnameinfo((struct sockaddr *)&sin, sizeof(sin), NULL, 0,
- buf, sizeof(buf),
- numeric_output < NUMERIC_PORT ? 0 : NI_NUMERICSERV);
- if (err != 0) {
- getnameinfo((struct sockaddr *)&sin, sizeof(sin), NULL,
- 0, buf, sizeof(buf), NI_NUMERICSERV);
- }
+ service_lookup(ntohs(sin.sin_port), buf);
printf("%s", buf);
}
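Review bot: The new `service_lookup()` call ignores `numeric_output`, so a user who asked for numeric ports still gets service names. The removed `getnameinfo()` call passed `NI_NUMERICSERV` whenever `numeric_output >= NUMERIC_PORT`. The lookup should be guarded with `if (numeric_output < NUMERIC_PORT)`, falling back to `snprintf(buf, sizeof(buf), "%hu", ntohs(sin.sin_port));` otherwise. The signature of inet_service_type_print() is only visible in the hunk header, so the start of the function is outside this hunk.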
--
2.7.4
* Re: [PATCH nft] datatype: Replace getnameinfo() by internal lookup table
2016-11-23 22:53 [PATCH nft] datatype: Replace getnameinfo() by internal lookup table Elise Lennion
@ 2016-11-24 9:31 ` Pablo Neira Ayuso
From: Pablo Neira Ayuso @ 2016-11-24 9:31 UTC (permalink / raw)
To: Elise Lennion; +Cc: netfilter-devel
Hi Elise,
On Wed, Nov 23, 2016 at 08:53:17PM -0200, Elise Lennion wrote:
> To avoid exceeding the inputs number limit of the flex scanner used.
>
> Using port number as index, to map service names in the table, results
> in a very sparse table, so a new struct is needed to associate ports
> with names.
Please, indicate what /etc/services you have used, ie. your linux
distro version, so that info remains here for the record.
More comments below.
> Signed-off-by: Elise Lennion <elise.lennion@gmail.com>
> ---
>
> The services list are all well-known and registered ports of my local
> /etc/services file.
>
> include/datatype.h | 11 ++++
> src/datatype.c | 159 ++++++++++++++++++++++++++++++++++++++++++++++++++---
> 2 files changed, 162 insertions(+), 8 deletions(-)
>
> diff --git a/include/datatype.h b/include/datatype.h
> index 9f3f711..9c34c50 100644
> --- a/include/datatype.h
> +++ b/include/datatype.h
> @@ -172,6 +172,17 @@ struct symbolic_constant {
> uint64_t value;
> };
>
> +/**
> + * struct port_servname - port <-> service name mapping
> + *
> + * @port: port number
> + * @name: service name
> + */
> +struct port_servname {
> + uint16_t port;
> + char *name;
> +};
> +
> #define SYMBOL(id, v) { .identifier = (id), .value = (v) }
> #define SYMBOL_LIST_END (struct symbolic_constant) { }
>
> diff --git a/src/datatype.c b/src/datatype.c
> index 1e40287..85b261d 100644
> --- a/src/datatype.c
> +++ b/src/datatype.c
> @@ -28,6 +28,156 @@
>
> #include <netinet/ip_icmp.h>
>
> +static const struct port_servname services[] = {
Given that this is long, please, place this and nft_service_lookup()
under a new file, src/services.c.
> + {1, "tcpmux"}, {7, "echo"}, {9, "discard"},
We use symbol_table for these definitions instead, eg.
static const struct symbol_table icmp_code_tbl = {
...
.sym_tbl = &icmp_code_tbl,
If you attach the symbol table that defines the services to the
inet_service_type definition, then "nft describe tcp dport" will also
display the available service names.
BTW, on a different front, the binary search in this patch is useful,
you can probably integrate this into the core, I mean
symbolic_constant_print(). Only problem is that we would need an
explicit size in struct symbol_table, but that shouldn't be a problem.
And update many spots in the code, but that should be fine. You can
follow up with a patch that applies on top of this to add this binary
search approach.
Thanks.